Google Gemini can be hijacked to display fake email summaries in phishing scams

• Gemini in Workspace presents unique opportunities for fraud, researchers warn
• The AI tool can be tricked to display fake security warnings
• Businesses should make sure invisible text is not processed by the AI

Cybercriminals have found a creative new way to abuse Google’s Generative Artificial Intelligence (GenAI) to steal people’s Gmail accounts.

Google introduced Gemini, its AI-powered chatbot assistant into its Workspace suite of productivity apps some time ago, and one of the things Gemini can do is summarize incoming emails - so when a person receives an email, they can bring up a vertical pane on the right-hand side of the screen, asking Gemini for assistance with different things, such as bringing up vital email information, adding calendar entries, and more.

However experts have warned this also opens up the Gmail accounts for so-called “prompt-injection” attacks - so if the incoming email message contains a ...